Solana Dismisses CertiK’s Findings
Solana Labs has dismissed a recent video by CertiK, stating that the blockchain security firm made several inaccurate claims about a potential security vulnerability in Solana’s Saga phone.
Saga Phone Overview
Saga is Solana’s crypto-enabled Android phone and was released in April. The phone is designed to pair Web3 with smartphones.
The CertiK Video
CertiK, in a post on X (formerly Twitter) on the 15th of November, claimed that the Saga phone contained a critical vulnerability known as a “bootloader unlock” vulnerability. The vulnerability could give malicious actors a backdoor entry into the phone and compromise the initial software responsible for the starting of the device to be compromised.
CertiK also claimed the bootloader vulnerability would allow any attacker with physical access to a phone to load custom firmware that contains a root backdoor. CertiK stated,
- “We demonstrate that this can compromise the most sensitive data stored on the phone, including cryptocurrency private keys. The boot loader is unlocked, and software integrity cannot be guaranteed. Any data stored on the device may be available to attackers. Do not store any sensitive data on the device.”
The message from CertiK indicates that the phone could be hacked. However, it isn’t yet clear if the vulnerability is unique to the Saga phone or if it could impact other Android devices.
Solana Calls CertiK Claims Inaccurate
However, Solana has dismissed CertiK’s concerns about any potential vulnerability in the Saga phone. Lead software engineer of mobile at Solana Labs, Steven Laver, stated that the CertiK video did not reveal any known vulnerability or security threat to Saga users. Instead, the video only demonstrates the user unlocking the bootloader, which Laver stated could be done on any Android device.
“The CertiK video does not reveal any known vulnerability or security threat to Saga holders. The video shows the user unlocking the bootloader, which is something that can be done on many Android devices.”
Android’s internal Open Source Project documentation also shows that unlocking a bootloader is an action that can be performed across several Android devices. Laver further added,
“Unlocking the bootloader is an advanced feature of Saga and is disabled by default. We believe in allowing users the choice of how they use their phone. However, unlocking the bootloader is not a security vulnerability – a user must explicitly allow such changes to be made to their device, and those changes can only be made by an authorized user of the phone.”
However, if the user or attacker proceeds to unlock the bootloader, they not only go through multiple warnings but their device is wiped, along with their private keys. Laver added that this process could not be done without the user’s awareness or active participation. The video then showed how the attacker could drain BTC from the wallet attached to the phone. However, it did not show Seed Vault in the video. Seed Vault protects supported digital assets and seeds.
The Saga Phone
Saga was launched in April and was designed to pair the Web3 ecosystem with smartphones. Apart from traditional app stores, Solana also offers a separate app store. The phone allows users to have self-custody of their assets and keep them with them on the go. A few months after its launch, Solana slashed the price of Saga by 40%, from $1000 to $599.
At the time, the head of business operations for Solana Mobile, Emmett Hollyer, stated that price reduction was a common strategy employed in the consumer electronics business, particularly when it came to smartphones.